CVE-2021-30774

Published: 08/09/2021 Updated: 11/02/2022
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges.

Vulnerable Product

apple ipados

apple iphone os

apple mac os x

apple mac os x 10.15.7

apple macos

apple tvos

apple watchos

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7. From: Apple Prod ...

Github Repositories

A Static Dataflow Analysis Framework for iOS Applications.

AegiScan: Aegi(s)Scan(er) is a static dataflow analysis framework for iOS application binaries, which can be used to facilitate vulnerability scanning. Overview, Design: AegiScan utilizes top-down type propagation to resolve Objective-C MsgSend calls, thereby reconstructing the call graph. It then generates the Code Property Graph (CPG) for each function to establish context-sensi

iService: Detecting and Evaluating the Impact of Confused Deputy Problem in AppleOS (ACSAC'22)

iService, Overview: iService is a static analysis framework to detect confused deputies in system services in AppleOS. Specifically, it resolves Objective-C Messages using the top-down type propagation and performs data dependence analysis to identify input validations of sensitive operations. iService discovered 11 confused deputies, of which 5 were 0-day bugs with CVE numbers a